jump to navigation

Felweb Changes Owners May 1, 2009

Posted by ismywebsite in general.
trackback

So, as the story goes, sometime over the last 2 weeks while I was busy with exams, something came in that might have been important. It looked like this:

Hello,

We have some issue regarding security because of some WordPress out of date and some Joomlas out of date. We will be performing a Security Audit tomorrow, so we are asking for your collaboration in letting us know which accounts your users are not using so we can terminate them and avoid useless work.

We appreciate your colaboration. Regards,

Felipe Diaz
FelWeb Network

Oddly enough, no one from support thought to tell me, or even star it so I might chance upon it and actually do something. This was April 23rd. Three hours later,

Do not worry, this has been done by us already. All infected accounts had been terminated due to our TOS. This accounts were not up to date on their scripts making a security hole for our server, and indeed today we had a vulnerability. This vulnerability was trough an account so we needed to do this for the datacenter in order to keep things running as normal.

And then,

I am sorry if th[ese] messages are bothering you. Please have all your users update their scripts, as your users are the only users who have been exploited. The exploited files are normally seen as numbers.php (example 3846293.php) as user nobody and are always under a 777 chmod folder. So please make sure your users chmod maximun on 775.

Nothing important here either, I guess. All resolved. Followed by an invoice, also unstarred and unmentioned. And not important either:

We have implemented the new PHP handler SUPHP to achieve a higher security performance on the server reducing 90% of the vulnerabilities in scripts. Also, this handler will eliminate the problem of files being owned by nobody instead of your group user making the file ineditable, so this time you will be able to eliminate yourself any suspicious file.

It is important that you do check on all your client´s websites, to confirm that all of them are working as normal. If any website do not work as expected you need to check the next things before contacting us:

1. Is the script downloaded from the internet? If it is, is the version installed the last one available?
2. Do you have folders with 777 permissions? If so, please restore them to 755 and your scripts will continue working with it, but without the vulnerability of getting exploited injected files.

Should you have any question please do not hesitate in contacting us.

Or this,

Greetings,

Despite our measures this morning the server was attacked and vulnerated. More than 50% of our clients are affected with this downtime because we had to take the server down for reinstallment. If you are not affected, please do not read this message.

We are at this moment installing the OS and cPanel. All information is stored and will be transfered back.

Estimated Resolution Time: 11 PM

We apologize for any inconvenience this may have caused.

Felipe Diaz Castellar

Finally, I did received word of this and it was starred:

Hello Matt,

We are sorry to announce but the new owner of FelWeb Network had decided not to host free hosting providers anymore due to the insecure matters it involves. You can request any backup you would like within the next 48 hours as maximu[m].

We thank you for your always preference on us and I was personally happy to work with you when I was the owner. That is why I had to tell you myself about this notice.

Best regards,
Felipe Diaz

So there you have it, ladies and gentlemen. This is why your accounts are not working anymore. I am very sorry for not taking the time to notice something like this, but in all honestly I definitely think we need either an improvement in the people handling support, or an improvement in the people handling support, and I can’t do it all, all the time.

I’ve dealt with this now, doing the best I can do, and fighting for 10 last days that we can use to transition properly into in a new server. Such ends our 1 year relationship with FelWeb, through good and bad. For you, there are 5 other servers, soon to be 6, and you need just ask to get an account on any one of them.

For now, exams are over and I’m back to sort out the mess that always becomes of this hosting when I can’t be there to clean it up. First up, establishing a team.

Advertisements

Comments»

1. pvcsnathan - May 2, 2009

That, my friends, is why you don’t run PHP as root.

2. pvcsnathan - May 2, 2009

Also, the cleanup of this is relatively easy…all they need to do is change the permissions of all files to 755 and below and then remove the numbered files…quite simple to do with root access. I should know since this had to be dealt with during the dedicated server era.

It’s quite sad that they put the pressure to fix it on you since the problem is with their server being vulnerable and not with the users.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: